Clients unprepared for new cookie law

UK organisations still need “substantial work” doing to their websites to reflect new data protection rules, despite their date of enforcement being less than 50 days away.

In a verdict that suggests the 12-month deferment to fresh cookie-related requirements has not been put to good use, KPMG found that 95% of outfits with one website or more are unprepared.

That means almost all organisations risk penalties of up to £500,000 if, by May 26th 2012, their website(s) continues not to seek permission from visitors to use the small files that monitor their online habits.

But merely updating or referring to cookie usage under the site’s terms or conditions or privacy policy, which most of the scrutinised outfits have done, is not sufficient to comply with the new rules (the EU Directive on Privacy and Electronic Communications).

“With less than 50 days to go before enforcement, our analysis has found that the majority of UK organisations still need to complete substantial work to their websites,” said KPMG partner Stephen Boner.

“[Our] analysis showed a surprising lack of compliance with only one [website] asking specifically for opt-in which is the key requirement of the directive. Surprisingly, two sites did not use any cookies at all.”

Other sites use thousands of cookies, even though the average number per website emerged as between 5 and 10. Two of the sites scrutinised mentioned that they were being updated to become compliant before the May 26th deadline.

“Time is running out”, Mr Boner reflected. “Organisations now need to focus their efforts on establishing an inventory of their web sites and the cookies currently in use, before evaluating their purpose and establish a pragmatic plan to ensure compliance.”


12th April 2012

Related News

Latest News